Overview

Measures and monitors the performance of Governance, Risk and Compliance (GRC) programs. Partners with cross-functional stakeholders to assess data risk, establishes governance and maintains information security compliance. Implements and monitors a mix of strategic, operational and administrative support responsibilities.

Responsibilities

• Measures and monitors the maturity level of the established security programs and existing data controls, including conducting periodic assessments to identify gaps and opportunities for improvement.
• Develops and maintains performance metrics to measure the success of the Governance, Risk and Compliance (GRC) program.
• Conducts information security risk assessments and compliance audits to ensure the organization is meeting its security goals and complying with regulatory requirements.
• Works with IT and business partners to design, implement and track information security compliance controls to address current data risks, control gaps and emerging threats.
• Serves as a liaison with internal departments and external stakeholders such as auditors to effectively communicate requirements and deliver results.
• Supports vendor due diligence and security assessments.
• Supports the development and implementation of Information Security policies, standards and procedures that support security best practices.
• Supports the development and administration of the Information Security Awareness Program.

Qualifications

• Must have at least 1 years of governance, risk and compliance (GRC), audit or risk assessment experience and/or 3 years of information systems experience, preferably in the financial services industry or other highly regulated industry/sector.
• Experience with risk assessments and regulatory controls, preferably information security and/or financial services.
• Familiarity with information security best practices, disaster recovery and business continuity planning.
• Knowledge of FFIEC, NCUA (ACET) security controls, CCPA laws and regulations related to financial services preferred.
• Exerience meeting project deadlines and tracking project details such as associated follow up tasks.
• Must have advanced computer skills and a thorough working knowledge of MS Office Suite; working knowledge or familairy with data visualization tools preferred (e.g. PowerBI, Tableau, etc.).
• CGEIT, CRISC, CISA, Security , CompTia Cybersecurity Analyst, or similarly recognized risk management, audit, or security certification required upon hire or within 6 months of hire.
• Bachelor’s Degree in related field preferred.
• Must demonstrate conduct consistently with our Corporate Values.

PHYSICAL DEMANDS - The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is required to use a computer workstation and is frequently required to stand / sit and to talk and hear. The employee is occasionally required to be mobile (e.g. in the office envornment or while on a site visit); use hands to finger, handle, or feel (e.g. use a computer); reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and taste or smell. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include color vision (e.g. when developing or interpreting graphical material, reports, documents, etc.).

WORK ENVIRONMENT - The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

The employee will be provided a work station in an open office environment. The noise level in the work environment is usually moderate.

This job description is not designated to cover or contain a comprehensive listing of responsibilities, duties or activities that are required of the employee for this job. Responsibilities, duties and activities may change at any time with or without notice. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.